CVE-2018-1388

Name of the Vulnerable Software and Affected Versions GSKit V7 GSKit (affected versions not specified)

Description The issue may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. Additionally, the GSKit CMS KDB logic fails to salt the hash function, resulting in weaker than expected protection of passwords, which may allow a weak password to be recovered.

Recommendations For GSKit V7, update to a version that addresses the issue and change passwords to ensure they are stored more securely. For other affected versions of GSKit, at the moment, there is no information about a newer version that contains a fix for this vulnerability.